Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-49763 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49109 | Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49106 | Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact <= 1.1.6 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49105 | Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49104 | Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.2.1 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49085 | Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.4 versions. | 9.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49067 | Unauthenticated SQL Injection in Advanced 301 and 302 Redirect <= 1.6.9 versions. | 9.3 | 0.30% | 2026-06-15 | 2026-06-15 |
| CVE-2026-49065 | Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce <= 1.9.5 versions. | 8.2 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48970 | Unauthenticated Broken Authentication in Really Simple SSL <= 9.5.10 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48964 | Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48889 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. | 8.8 | 0.38% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48886 | Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48882 | Subscriber SQL Injection in WP Time Slots Booking Form <= 1.2.50 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48881 | Unauthenticated Broken Access Control in TrueBooker <= 1.1.9 versions. | 9.1 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48874 | Subscriber SQL Injection in GamiPress <= 7.8.7 versions. | 8.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2026-48836 | Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions. | 10.0 | 0.57% | 2026-06-15 | 2026-06-15 |
| CVE-2026-45439 | Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions. | 9.3 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42687 | Unauthenticated PHP Object Injection in EventPrime <= 4.3.2.1 versions. | 8.1 | 0.32% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42665 | Unauthenticated SQL Injection in WP Data Access <= 5.5.70 versions. | 9.3 | 0.28% | 2026-06-15 | 2026-06-15 |
| CVE-2026-42664 | Unauthenticated Broken Access Control in AI Product Search for WooCommerce – Motive Commerce Search <= 1.38.2 versions. | 8.2 | 0.25% | 2026-06-15 | 2026-06-15 |